Re: Is it possible to define different source emai...

marlog · ‎11-16-2017

Looks like it is possible to set "Send email as" to a custom email address that would appear in the From field in scheduled alerts/reports. However, this would take effect across the board and we have different teams that would like to use their group emails for their alerts/reports. Is it possible to set different "Send email as" to different alerts/reports?

somesoni2 · ‎11-16-2017

I believe you can set the action.email.from = for each saved search/alert level. See if that's available for update from Splunk Web UI in advanced edit on Searches, reports and alerts.

elliotproebstel · ‎11-16-2017

Sure, if you use the sendemail command inline on the search. For example:

index=myindex | head 10 | sendemail to=recipient@test.com from=sender@test.com

elliotproebstel · ‎11-16-2017

BTW, you can read about the whole list of options available with the sendemail command here:
http://docs.splunk.com/Documentation/Splunk/7.0.0/SearchReference/Sendemail

marlog · ‎11-16-2017

Thank you very much for your suggestion. However, I am looking at "Schedule PDF Delivery" where the Dashboard can be sent as a PDF attachment to an email. And also regular scheduled Alerts.

elliotproebstel · ‎11-16-2017

Ahh, in that case, then I think @somesoni2 is on the right track for helping you in his comment above!

Is it possible to define different source email addresses for different scheduled reports/alerts?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation